PCO Office of the Privacy Commissioner for Personal Data, Hong Kong imagebanner image
Privacy Policy StatementSearchSite DirectoryText Only VersionChinese  
image
About PCPD
image
The Ordinance
image
Review of the Ordinance
image
PCPD Activities
image
Information Centreimage
Privacy Zone for Youngsters
image
Publications and Videos
image
Enquiries and Complaints
image
Case Notes
image
Contact Us
image
Press ReleasesSpeeches and Articles & PapersAnnouncement of Public Interest
Exhibition MaterialsOther Related WebsitesArchiveOther Resources
On-line Self TrainingSubmissions to Public Consultation
image

Information Centre
Privacy Commissioner accepts an Undertaking by HSBC

 
Date: 14 August 2008

Privacy Commissioner accepts an Undertaking by HSBC
1.    The Privacy Commissioner for Personal Data has received from the Hongkong and Shanghai Banking Corporation Limited ("HSBC") a formal Undertaking assuring the Privacy Commissioner, Mr Roderick B Woo that HSBC will step up security measures in respect of the security of its customers' personal data in compliance with Data Protection Principle 4 in the Personal Data (Privacy) Ordinance ("the Ordinance").

2.    In May 2008, the Privacy Commissioner's attention was drawn to the fact that the Kwun Tong branch office of HSBC had lost a computer server that contained customers' personal data.  Even though no individual complainant has come forward, the Privacy Commissioner had taken the initiative to probe into the incident.

3.    Entirely on a non-admission of fault basis, HSBC has decided to give the Privacy Commissioner a written Undertaking which was signed by its Head of Legal and Compliance.  The terms of the Undertaking were in accordance with the Privacy Commissioner’s recommendations.

4.    Mr Woo said, "I appreciate the determination and commitment demonstrated by HSBC's formal assurance to step up security measures to protect its customers' data."

5.    In the Undertaking, HSBC undertakes to take all practicable steps to ensure that :-

(a)    No computer server containing personal data of HSBC customers will be left unattended during office refurbishment of relocation;
(b)  Staff or approved contractors entrusted by HSBC to handle computer servers containing personal data of HSBC customers are reliable, prudent and competent;
(c)    The new system migration will be completed on or before 31 August 2008 so that personal data of HSBC customers will no longer be stored in branch servers; and
(d)    No similar data loss incident will re-occur.

6.    "Having considered the Undertaking by HSBC and all the circumstances of the case, I am reasonably satisfied that a continuation or repetition of the incident is unlikely."  Mr. Woo said.

7.    The Privacy Commissioner will monitor HSBC's compliance of the Undertaking and in the event of its failing to abide by the terms of the Undertaking, he is not precluded from mounting a full-scale investigation.


END

 

Back to top

BackArchive

  imageNotice/ Copyright 2001 Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved. Disclaimer